CVE Ape is an open source command-line tool that creates a local copy of the National Vulnerability Database (NVD) and Common Vulnerabilities and Exposures (CVEs) databases for offline vulnerability searching. The tool allows users to search for registered CVEs by package name, vendor name, or through OS libraries and packages listed in package lists. It downloads CVE data and stores it locally in the ~/.cache/cve-ape/ directory, enabling offline operations after the initial database creation. CVE Ape is designed primarily for reviewing Linux-based IoT devices but can be integrated into CI/CD pipelines to enhance security maintenance. The tool provides basic vulnerability identification capabilities, though it does not check for backports or vendor-specific patches unless explicitly configured. The application requires an initial online update to establish the local database before offline functionality becomes available. It operates through a simple interface focused on CVE lookup and identification tasks.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
Simple script to check a domain's email protections and identify vulnerabilities.
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.